talking about computers and design
by Ralph Grabowski

Jan 18, 2017

When a virus isn't

Not ransomware, either

Last week a pair of folders appeared on my desktop computer, the workhorse that makes most of my income. The new folders had random letters, as shown below: A3fOg and X1W2J2. When I erased them, they reappeared a few minutes later with different names.

Each folder contained 10 files, such as .rtf, .jpg, and .docx, with unusual-looking file names. See figure below.

Naturally I installed and ran Malwarebytes, and it found some potential viruses that Microsoft's anti-virus utility missed. But the folders remained.

Naturally I researched what might have caused the folders and odd files, but the google was silent on them. I did learn that innocuous-looking files, like the .doc file, could contain VBA code that, when run, locks up files on the computer -- ransomware.

I worried about the spread, as I found a similar set of folders on my laptop. Two other desktop computers in my office were unaffected.

After a few days of research failures, I simply changed their attributes to Hidden and Read-only. After a day or so, the attributes would be removed automagically. I figured if I ignored the files, no harm would (probably) come to my machine. There wasn't much else I could do. I was puzzled, however, that the anti-ransomware software didn't squawk about the mystery folders and files.

This morning, all was revealed: the folders and files were placed by the anti-ransomware software (Cybereason RansomFree) as honey pots. It's one of the tactics the utility uses to determine if ransomware is infecting the computer. The reason the mystery folders appeared on just two computers on our network is that those were the two computers on which I installed the anti-ransomware software.

Knowing the folders are safeguards is a relief. But they irritate me, because one of my foibles is that I don't like unnecessary folders cluttering my computers (I even run RED, remove empty directories) -- a phobia that probably goes back to the days of diskettes and 30MB hard drives, where every byte possible was kept available.
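
A minimal sketch of the honey-pot tactic described above, added here as an illustration; it is not Cybereason's code. The function names, the three-event threshold and the replant-on-deletion behaviour are assumptions modelled on what the post observed (randomly named folders of 10 decoy files that come back under new names when erased).

```python
import hashlib
import secrets
import string
from pathlib import Path

DECOY_EXTS = (".rtf", ".jpg", ".docx")  # file types named in the post
ALPHABET = string.ascii_letters + string.digits

def rand_name(n):
    return "".join(secrets.choice(ALPHABET) for _ in range(n))

def plant_decoys(root, count=10):
    """Create a randomly named folder of decoy files; return (folder, baseline hashes)."""
    folder = Path(root) / rand_name(6)
    folder.mkdir()
    baseline = {}
    for i in range(count):
        path = folder / (rand_name(8) + DECOY_EXTS[i % len(DECOY_EXTS)])
        data = secrets.token_bytes(2048)  # constructed filler, not a real document
        path.write_bytes(data)
        baseline[path] = hashlib.sha256(data).hexdigest()
    return folder, baseline

def assess(folder, baseline, threshold=3):
    """Compare the decoy folder with its baseline; return (verdict, events)."""
    if not folder.exists():
        # Whole folder gone: treated as user clean-up, so plant a fresh one
        # (assumption, modelled on the folders reappearing under new names).
        return "replant", []
    present = set(folder.iterdir())
    events = []
    for path, digest in baseline.items():
        if path not in present:
            events.append(("missing", path.name))  # deleted or renamed
        elif hashlib.sha256(path.read_bytes()).hexdigest() != digest:
            events.append(("modified", path.name))  # content rewritten
    events += [("unexpected", p.name) for p in present - set(baseline)]
    # Several decoys touched in one pass looks like bulk encryption, not a user.
    if len(events) >= threshold:
        return "alert", sorted(events)
    return ("changed" if events else "intact"), sorted(events)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        folder, baseline = plant_decoys(tmp)
        for victim in sorted(baseline)[:3]:
            victim.write_bytes(b"ciphertext")  # simulate files being rewritten
        print(assess(folder, baseline))
```

A real monitor would react to file-system events as they happen rather than polling, and would act on the process doing the writing; this sketch only shows the baseline-and-compare idea.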